<?php
/**
 * Auth控制器
 * @author yupoxiong<i@yufuping.com>
 */

namespace app\api\controller;

use app\common\model\Users;
use Lcobucci\JWT\Builder as TokenBuilder;
use Lcobucci\JWT\Signer\Hmac\Sha256;

class Auth extends Api
{
    protected $needAuth = false;
    
    //用户登录
    public function login()
    {
        $result = $this->validate($this->param,'User.api_login');
        if(true!==$result){
            return $this->error($result);
        }

        $data = [
            'mobile'     => $this->param['mobile'],
            'password' => md5(md5($this->param['password'])),
        ];

//        return json('gg');
        $user = Users::get($data);
        if (!$user){
            return $this->error('用户名或密码错误');
        }

        if ($user->status != 1) {
            return $this->error('账户被冻结');
        }

        $signer = new Sha256();
        $token = (new TokenBuilder())
            ->setIssuedAt(time())
            ->setNotBefore(time())
            ->setExpiration(time() + 3000)
            ->set('uid',$user->id)
            ->sign($signer, config('app_key'))
            ->getToken();
        return $this->success($token->__toString());
    }

}